The Vow — Legal

Privacy Policy

Last updated: July 2, 2026

1. Who we are

The Vow (“we”, “us”) is a smart wedding invitation platform available at https://www.thevow.life. It lets couples (“hosts”) create digital invitations, share private links with their guests, and track RSVPs. This policy explains what data we collect, why, and the choices you have. For any privacy question, email hello@thevow.life.

2. Data we collect from hosts

When you create an account we collect your name, email address and a password (stored only as a secure hash by our authentication provider). If you sign in with Google, we receive your name and email from Google. When you build an event we store the details you enter: couple names, date, venue, invitation message, dress code, design choices and any cover image you upload.

3. Guest data — added by hosts

Hosts add their guests’ names, phone numbers and optionally email addresses so that private invitation links can be created and shared. We process this data on the host’s behalf, solely to deliver the invitation experience: showing a personalised invitation, recording the RSVP, and — only when the host chooses — sending the guest an invitation or reminder email.

If you are a guest: your data was added by the couple who invited you. We never use it for marketing, never sell it, and never contact you outside of that event. To have your data corrected or removed, ask the couple to delete you from their guest list, or email us and we will handle it.

If you are a host: you confirm you have your guests’ permission to add their contact details and to send them invitations through The Vow.

4. RSVP & usage data

When a guest opens their private link we record that the invitation was opened and, when they respond, their RSVP (attending / not attending, party size, optional plus-one names). Hosts see this for their own event only. We also keep a log of invitation emails we send (recipient, subject, delivered/failed) so hosts can see what was sent.

5. Cookies

We use only essential cookies: the session cookie that keeps hosts signed in. There are no advertising or cross-site tracking cookies. Guests can open invitations without any account and without tracking cookies.

6. Where your data lives (processors)

We rely on a small number of infrastructure providers:

  • Supabase — database, authentication and file storage.
  • Vercel — application hosting.
  • Resend — transactional email delivery (invitations, reminders, account emails).

Each provider processes data only to run the service. We do not sell or rent personal data to anyone.

7. Retention & deletion

Event and guest data is kept while the host’s account and event exist. Deleting a guest removes their row; deleting an event removes its guests and RSVPs; deleting your account removes your events. To request full deletion, email hello@thevow.life and we will complete it within 30 days.

8. Security

All traffic is encrypted in transit (HTTPS). Access to data is restricted by row-level security: hosts can only read their own events and guests, and guests can only access the single invitation matching their private link token. Invitation tokens are long random values that cannot be guessed or enumerated.

9. Children

The Vow is not directed at children under 16 and we do not knowingly collect their data, other than guest names a host may add (e.g. family members attending with their parents).

10. Your rights & changes to this policy

You may request access to, correction of, or deletion of your personal data at any time via hello@thevow.life. If we make material changes to this policy we will update the date above and, for significant changes, notify hosts by email.